]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blobdiff - net/netfilter/xt_string.c
projects / mirror_ubuntu-artful-kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[NETFILTER]: xt_hashlimit/xt_string: missing string validation
[mirror_ubuntu-artful-kernel.git] / net / netfilter / xt_string.c
diff --git a/net/netfilter/xt_string.c b/net/netfilter/xt_string.c
index 0ebb6ac2c8c769a2b1a19075d10dc35a1143a32a..d8e3891b5f8bd0aa9287fd8a7af88d4a6514a6e9 100644 (file)
--- a/net/netfilter/xt_string.c
+++ b/net/netfilter/xt_string.c
@@ -55,7 +55,10 @@ static int checkentry(const char *tablename,
        /* Damn, can't handle this case properly with iptables... */
        if (conf->from_offset > conf->to_offset)
                return 0;
-
+       if (conf->algo[XT_STRING_MAX_ALGO_NAME_SIZE - 1] != '\0')
+               return 0;
+       if (conf->patlen > XT_STRING_MAX_PATTERN_SIZE)
+               return 0;
        ts_conf = textsearch_prepare(conf->algo, conf->pattern, conf->patlen,
                                     GFP_KERNEL, TS_AUTOLOAD);
        if (IS_ERR(ts_conf))
Ubuntu Artful kernel mirror